The SecurITree Advantage

Incident Risk ≡ Incident Probability × Incident
Impact

It is impossible to achieve an appropriate level of security at a
reasonable cost unless you know how you will be attacked and what
the impact will be to you.

Conventional risk analysis technologies rely on checklists and
statistics - neither of which are effective for hostile threats. They
deliver voluminous, difficult to understand reports which require huge
amounts of work to repeat when conditions change. If you are satisfied
with these old fashioned approaches then proceed with caution! The
material on this site may forever change your way of viewing threat risk
analysis.

Advantages of SecurITree's Capability-Based Attack Tree Approach

Objective results - a clear, repeatable reasoning process is used to
determine which threats are important. Distinguishes between the
illusion of perceived risks and iceberg tips of actual risks.

Defensible decisions - SecurITree
captures the assumptions about the
attacker's capabilities, the defenses protecting the asset and the
impact of a successful attack. The logic that was used to make decisions
can be reconstructed even when analysts' memories have faded. This makes
it easier to defend decisions in times of trouble.

Understandable presentations - graphical attack trees are easily
understood by specialists and non-specialists alike. Attack trees are a
compelling format for conveying the relevant information needed by
management to make informed decisions.

Identifies effective solutions - the attack tree structure makes it
easy to see architectural defects in defenses. This leads to the
construction of robust solutions that deliver the maximum bang for the
buck. Since the analysis process identifies the weaknesses that your
adversaries will exploit, your security resources are not squandered in
protecting against hypothetical threats. The effect of proposed
solutions can be tested before implementation.

Adaptable to real world changes - Sudden changes in the environment
can be quickly reflected in analysis. "What-if" thought experiments can
be explored. Assumptions about the asset's defenses or the attacker's
capabilities can be changed instantly as new information becomes
available.

Scalable and reusable - Once a basic model of a particular situation
has been created, it can be used as a template for other, similar
situations. The knowledge of experts is captured in attack tree
libraries and can be reused by less specialized analysts. The skills of
many diverse subject matter experts can be combined in one project.